Critical Vulnerability Detected in SBI website

A critical vulnerability is found in SBI website by Mr. Abhirup Guha, head trainer of INFO SECURITY SOLUTION on July 15, 2015

Mr. Abhirup Guha has already initiated the bank about such harmful loop hole.

Mr. Guha said “I found a critical bug in SBI website, as the website is down and affected by a TLS based attack ‘LOGJAM'”. Now what is this ‘LOGJAM’?

According to Mr. Guha

Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically:

The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Who is affected?

Websites, mail servers, and other TLS-dependent services that support DHE_EXPORT ciphers are at risk for the Logjam attack. We use Internet-wide scanning to measure who is vulnerable.

Protocol Vulnerable to Logjam
HTTPS — Top 1 Million Domains 8.4%
HTTPS — Browser Trusted Sites 3.4%
SMTP+StartTLS — IPv4 Address Space 14.8%
POP3S — IPv4 Address Space 8.9%
IMAPS — IPv4 Address Space 8.4%

Websites that use one of a few commonly shared 1024-bit Diffie-Hellman groups may be susceptible to passive eavesdropping from an attacker with nation-state resources. Here, we show how various protocols would be affected if a single 1024-bit group were broken in each protocol, assuming a typical up-to-date client (e.g., most recent version of OpenSSH or up-to-date installation of Chrome).

ssl_handshake_diffie_hellman[1]

Reasons to worry about Logjam vulnerability:

  • The flaw allows an attacker to trick a web browser into believing that it is using a regular key, not the export key version.
  • Many PCs reuse the same large numbers to generate the keys, which makes them easier for attackers to crack.
  • The flaw has been present for more than 20 years affecting HTTPS, SSH, IPsec, SMTPS, and other protocols that rely on TLS.

The flaw affects any server supporting DHE_EXPORT ciphers and all modern browsers. An estimated 8.4 percent of the top one Million sites and a significant percentage of mail servers are vulnerable to the new vulnerability because they support those export keys.
Mr. Guha said “So we can easily figure it out that how harmful it is for SBI website.”

Leave a Reply

Your email address will not be published. Required fields are marked *